OSS-SIRT Engineer (Cybersecurity)

TL;DR

OSS-SIRT Engineer (Cybersecurity): Supporting daily operations of the Open Source Security Foundation by managing vulnerability intake, validation, and maintainer coordination with an accent on ecosystem-scale security. Focus on triaging vulnerability reports, maintaining disclosure workflows, and contributing to security documentation and metrics.

Salary: $100,000 – $125,000 USD

Company

The hirify.global is a non-profit organization providing a neutral hub for developers and organizations to manage and scale open source technology projects.

What you will do

• Triage incoming vulnerability reports and submissions.
• Validate records for completeness, accuracy, and schema compliance.
• Assist with maintainer and researcher communications.
• Support CVE/ID requests and aliasing workflows.
• Maintain dashboards, metrics, and reporting.
• Contribute to documentation, playbooks, and runbooks.

Requirements

• 2–5 years of experience in security engineering, application security, or open source development.
• Familiarity with vulnerability lifecycles and disclosure practices.
• Strong written communication skills.
• Interest in open source communities and collaboration.
• Must be independently authorized to work in the country of employment without visa sponsorship.

Nice to have

• Exposure to CVE, OSV, or GitHub Advisories.
• Experience contributing to open source projects.
• Basic scripting or data analysis skills.